Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 0d9de753 authored by Ivan Chiang's avatar Ivan Chiang Committed by Nishith Khanna
Browse files

Reapply "[PM] Check unknown sources user restriction for intent installation" 

This reverts commit 29962260bd043c197e411b690e862a318b31bae5.
Fix the issues and reland the patch.

Bypass the unknown source user restrictions check when either of the
following two conditions is met:
1. An installer with the INSTALL_PACKAGES permission initiated the
   installation via the PackageInstaller APIs and not via an
   ACTION_VIEW or ACTION_INSTALL_PACKAGE intent.
2. An installer is a privileged app and initiated the installer via
   the ACTION_INSTALL_PACKAGE or ACTION_VIEW intent, but it has set
   the EXTRA_NOT_UNKNOWN_SOURCE flag to be true in the intent.

Flag: EXEMPT BUGFIX
Bug: 438352252
Test: atest CtsDevicePolicyManagerTestCases:MixedProfileOwnerTest#testPackageInstallUserRestrictions
Test: atest CtsDevicePolicyManagerTestCases:MixedManagedProfileOwnerTest#testPackageInstallUserRestrictions
Test: atest CtsPackageInstallTestCases:IntentTest
Test: atest CtsPackageInstallSessionTestCases:SessionTest
Cherrypick-From: https://googleplex-android-review.googlesource.com/q/commit:81f83fdb0944d0d8a3337d2578d73dd77d60143b
Cherrypick-From: https://googleplex-android-review.googlesource.com/q/commit:6e0b7c02e54a0c8f26ecb2eefd136677df7decfc
Cherrypick-From: https://googleplex-android-review.googlesource.com/q/commit:9d20d0ae8fef770df8788e287feee1bdaa1d82fe
Merged-In: Ib917acb2c4738f6a4758b8ca149b80943f00acca
Change-Id: Ib917acb2c4738f6a4758b8ca149b80943f00acca
parent dbef2a51

packages/PackageInstaller/src/com/android/packageinstaller/InstallStart.java

+17 −3
Original line number Diff line number Diff line
@@ -95,6 +95,7 @@ public class InstallStart extends Activity { 
        // be PIA.

        int originatingUid = callingUid;



        String intentAction = intent.getAction();

        final boolean isSessionInstall =

                PackageInstaller.ACTION_CONFIRM_PRE_APPROVAL.equals(intent.getAction())

                        || PackageInstaller.ACTION_CONFIRM_INSTALL.equals(intent.getAction());
@@ -155,7 +156,20 @@ public class InstallStart extends Activity { 
            mAbortInstall = true;

        }



        checkDevicePolicyRestrictions(isTrustedSource);

        // Bypass the unknown source user restrictions check when either of the following

        // two conditions is met:

        // 1. An installer with the INSTALL_PACKAGES permission initiated the

        // installation via the PackageInstaller APIs and not via an

        // ACTION_VIEW or ACTION_INSTALL_PACKAGE intent.

        // 2. An installer is a privileged app and initiated the installer via

        // the ACTION_INSTALL_PACKAGE or ACTION_VIEW intent, but it has set the

        // EXTRA_NOT_UNKNOWN_SOURCE flag to be true in the intent.

        final boolean isIntentInstall =

                Intent.ACTION_VIEW.equals(intentAction)

                        || Intent.ACTION_INSTALL_PACKAGE.equals(intentAction);

        final boolean bypassUnknownSourceRestrictions =

                (!isIntentInstall && isInstallPkgPermissionGranted) || isPrivilegedAndKnown;

        checkDevicePolicyRestrictions(bypassUnknownSourceRestrictions);



        final String installerPackageNameFromIntent = getIntent().getStringExtra(

                Intent.EXTRA_INSTALLER_PACKAGE_NAME);
@@ -305,9 +319,9 @@ public class InstallStart extends Activity { 
        return callingUid == installerUid;

    }



    private void checkDevicePolicyRestrictions(boolean isTrustedSource) {

    private void checkDevicePolicyRestrictions(boolean bypassUnknownSourceRestrictions) {

        String[] restrictions;

        if(isTrustedSource) {

        if (bypassUnknownSourceRestrictions) {

            restrictions = new String[] { UserManager.DISALLOW_INSTALL_APPS };

        } else {

            restrictions =  new String[] {